Title 

Method and system for controlled online access from a 
terminal user to a content service 

5 Field of the invention 

The present invention is related to online access to 
content services. More specifically, a method and system 
for controlled access to content services where a terminal 
user can be allowed or refused access to a content service 
10 and the use thereof are disclosed. 

Background of the invention 

A solution for controlled online access from a 
terminal user to a content service is already known where 

15 the terminal user has to provide a username and password in 
order to get access to the content service. When the 
username is not known or when the password is invalid the 
user will be denied access. A disadvantage of this solution 
is that a username and password need to be registered. This 

2 0 implies that the terminal user and the content provider 
need to perform a registration step, which is time 
consuming and annoying . 

For chargeable content services the terminal user can 
25 also be denied access based on a billing account for that 
user. Known solutions based on this principle have a 
disadvantage in that, when the billing account does not 
exist or when the billing account has insufficient balance, 
the terminal user has to perform an additional step to 
30 create a new billing account or to update its balance. 

Again this additional step is time consuming and annoying. 
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Another solution for controlled online access to 
chargeable content services is known from WO 97/01920. This 
invention is based on the idea that an access from a user's 
data terminal to a chargeable service is offered to the 
5 user for the time period during which a connection exists 
from the user' s telephone to a predetermined telephone 
number. A disadvantage of this solution is that the user 
needs two devices, namely a data terminal and a telephone, 
to be allowed access to a content service. Another 

10 disadvantage of this solution is that two connections are 

needed at the same time, namely the telephone connection to 
allow access and the data connection to use the content 
service. There are numerous situations where the user is 
not able to have two connections at the same time. An 

15 example of this is a user having only one connection to a 
POTS (Plain Old Telephony System) and this one connection 
is used for both telephony and Internet access, but not at 
the same time. Another example is a user in a mobile 
telecommunications network, e.g. a GSM/GPRS network, where 

20 the mobile terminal can make a telephone connection via GSM 
and a data connection via GPRS, but not at the same time 
because of limitations of the user's terminal. 

Yet another solution for controlled online access to 

25 chargeable content services is known from 

http : //www . audiotext . nl/newsite/betaalgateway_imode . htm . In 
this solution activating a number, i.e. a second code in 
the present invention, by a customer on an i-mode site, 
activates a payment gateway, called a first system in the 

30 present invention. In a dialog with a voice response 

application, i.e. a second system in the present invention, 
the customer receives an access code. This access code has 
to be entered on the i-mode site. Next the gateway allows 
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access to the chargeable content. A disadvantage of this 
solution is that the customer receives the access code by- 
listening to the response of the voice response system. 
Often codes transmitted in this way are not caught 
5 correctly. In a next step the customer has to enter the 

received code on the i-mode site. This step is susceptible 
to typing errors. The whole procedure of receiving and 
entering the access code is time consuming and can be 
annoying to the customer. 

10 

Problem definition 

Thus the prior art fails to disclose a solution to get 
access from a terminal user to a content service without 
having to perform additional time-consuming and annoying 

15 steps or without having to use two separate devices or 

having to make two simultaneous connections. A solution for 
controlled online access from a terminal user to a content 
service, wherein the above mentioned additional steps are 
not necessary, is required for applications such as user- 

20 friendly chargeable content provisioning to terminal users 
in a mobile telecommunications network like GSM/ GPRS . 

Aim of the invention 

The aim of the invention is to provide a solution to 

25 enable controlled online access from a terminal user to a 
content service wherein no time-consuming registration 
steps, which are also annoying to the customer, or time- 
consuming billing steps have to be performed, only one 
terminal is needed by the user and only one connection can 

30 be active at the time. 
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Summary of the invention 

The present invention provides a solution to enable 
controlled online access from a terminal user to a content 
service wherein no time-consuming registration steps, which 
5 are also annoying to the customer, or time-consuming 

billing steps have to be performed, only one terminal is 
needed by the user and only one connection needs to be 
active at the time. 

10 In the present invention controlled online access from 

a terminal user to a content service can be provided via a 
telecommunications system, the telecommunications system 
comprising a network, at least one terminal being connected 
to the network, the terminal comprising a display for 

15 displaying content services. The network can comprise a 
packet -switched domain and a circuit -switched domain. 

A method is claimed for use in a first system, the 
first system being connected to a second system, but it 
20 also being possible that the first system and the second 

system are one and the same. The first system is connected 
to a means for storing billing data of terminal users. The 
method can comprise the following steps or a subset of the 
following steps: 
25 - receiving in the first system a request from the 
terminal for access to the content service, said 
request being sent from the terminal to the first 
system using the network, possibly using the packet - 
switched domain, said request comprising a first code 
30 for identifying the terminal user and/or terminal, 

allowing or refusing online access from said terminal 
to said content service based on the terminal user's 
billing data, 
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Note that the steps in the above -described methods of 
the invention do not have to be performed in the given 
order. 

5 The invention also relates to a system arranged to 

perform the above-mentioned methods of the invention. 

Brief description of the drawings 

The invention will be explained in greater detail by 
10 reference to exemplary embodiments shown in the drawings, 
in which: 

Fig.l shows a block diagram according to an exemplary 
embodiment of the invention; 

Fig. 2 shows a block diagram of an alternative 
15 exemplary embodiment of the invention; 

Fig. 3 shows a block diagram of another alternative 
exemplary embodiment of the invention; 

Fig. 4 shows a flow diagram according to an exemplary 
embodiment of the invention; 
20 Fig. 5 shows a flow diagram of an alternative exemplary 

embodiment of the invention. 

Detailed description of the invention 

For the purpose of teaching of the invention, 

2 5 preferred embodiments of the method and system of the 

invention are described in the sequel. It will be apparent 
to the person skilled in the art that other alternative and 
equivalent embodiments of the invention can be conceived 
and reduced to practice without departing from the true 

30 spirit of the invention, the scope of the invention being 
only limited by the claims as finally granted. 
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Fig.l and Fig. 4 will be referred to in the following 
description. A terminal user (1) wants to have access to a 
content service (2) via a telecommunications system (3) . 
The telecommunications system (3) comprises a network (4) 
5 and a terminal (5) . The terminal (5) is used by terminal 
user (1) . To get access to a content service (2) the 
terminal user (1) sends a request to a first system (6) ; 
this request comprises a first code identifying the 
terminal (5) or terminal user (1) . The first system (6) 

10 receives the request (a) . The first system (6) decides (b) 
to allow (b2) or refuse (bl) access to the content service 
(2) based on the terminal user's billing data. Therefore a 
means (8) for storing billing data of terminal users is 
connected to the first system (6) , from which the terminal 

15 user's billing data is checked. In case of refusal, the 
first code and the second code are stored (d) with the 
terminal user's data. If it is not present the terminal 
user's data will be created (c) first. The terminal (5) 
will be provided (e) with information to set up a 

20 connection to a second system (7). This information 

comprises a second code identifying the request from the 
terminal user (1). The terminal user (1) receives the 
information on the terminal (5) and sends the second code 
or a related code to the second system (7) by using the 

25 provided information. A related code can e.g. be an 

encrypted form of the second code or a reference to the 
second code. The second system (7) receives (f) the second 
code. The terminal (5) will be allowed access (hi) (b) (b2) 
now. 

30 Fig. 5 shows a flow diagram of an alternative exemplary 

embodiment of the invention, where the terminal (5) will be 
allowed access (h2) on a next access request (a) . 
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Fig. 2 shows a block diagram of an alternative 
exemplary embodiment of the invention. Here the network (2) 
comprises a packet-switched domain (4a) and a circuit- 
switched domain (4b) . The terminal 5 can be connected to 
5 the first system (6) via the packet-switched domain (4a) 
and to the second system (7) via the circuit -switched 
domain (4b) . 

Fig. 3 shows a block diagram of another alternative 
exemplary embodiment of the invention. The terminal (5) can 
10 be connected to the content service (2) via the first 
system (6) . 

A solution to enable controlled online access from a 
terminal user (1) to a content service (2) based on Fig. 3 

15 and Fig. 5 will be described as an example in more detail. 
In this example terminal user (1) is a mobile 
customer, terminal (5) is a GSM/GPRS mobile phone, the 
packet -switched domain (4a) is a GPRS network and the 
circuit-switched domain (4b) is a GSM network. The mobile 

20 phone (5) is able to display internet-like content, e.g. 

i-mode content. In this example a content provider offers 
chargeable content (2). Access to the chargeable content 
(2) is only possible when connecting to the content service 
(2) via an access system (6) . When the mobile customer (1) 

25 tries to connect to the chargeable content service (2) 

directly, the mobile customer (1) will be redirected to the 
access system (6) . In other words, the mobile customer (1) 
will get a message on the display of the mobile phone (5) 
that it is impossible to connect to the content service (2) 

30 directly, and will be provided a new link which should be 
used to connect to the content service (2) . This link can 
be used as a first request (a) as mentioned in Fig. 5. 
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Now the mobile customer (1) can make a valid request 
(a) to access the chargeable content service (2). Together 
with the request a first code for identification is sent to 
the access system (6) . This identification can be used to 
5 identify the mobile customer. Examples of this type of 

identification are Mobile Subscriber ISDN number (MSISDN) , 
International Mobile Subscriber Identification (IMSI) and 
ICC Identification (ICCID) . These identifications are 
stored on the SIM card of the mobile customer (1) , which is 

10 inserted into the mobile phone (5) . Another example of a 
way to identify the mobile customer is to use a randomly 
created code, which is generated in the access system (6) 
and sent to the mobile phone (5) prior to the valid request 
(a) to access the chargeable content service (2) as 

15 described above. A randomly generated code can be used to 
identify the customer during the current session, i.e. as 
long as the mobile phone (5) is connected to the access 
system (6) . Instead of identifying the mobile customer it 
is also possible to identify the mobile phone by the 

20 International Mobile Equipment Identity (IMEI) that is 
stored in the mobile phone (5) . 

To have the mobile terminal (5) send the 
identification to the access system (6) the compact HTML 
(cHTML) language can be used. A link on a cHTML page to 

25 request access to a chargeable content service (2) 
including identification looks like this: 
<a href="link to request content service" utn> 
Adding the utn tag enables transmitting the IMEI+ICCID in 
the HTTP header from the mobile phone (5) to the access 

30 system (6) . The HTTP header is sent from the mobile 

terminal (5) to the access system (6) via the GPRS domain 
(4a) . 
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In case based on billing data of the mobile customer 
(8) access to the content service (2) is refused (bl) , e.g. 
when there is not enough balance or no billing data at all, 
a second code will be generated at the access system (6). 
This second code will be used to identify the requested 
content service (2) . Together with the first code 
identifying the mobile customer the second code identifying 
the requested service is stored (d) with the mobile 
customer's billing data (8), e.g. this can be done by using 
the Lightweight Directory Access Protocol (LDAP) . If it is 
the first time that the mobile customer (1) requests access 
to a chargeable content service (2) via the access system 
(6) the mobile customer's billing data (8) can be absent. 
In this case the mobile customer's billing data (8) can be 
created automatically first (c) . 

Next the access system (6) sends (e) a new cHTML page 
to the mobile phone (5) via the GPRS domain (4a) . On this 
cHTML page there can for example be information about the 
costs of the requested content service and a clickable 
button to connect to "the second" system (T) (~in this example - 
a Voice Response System (VRS) capable of receiving Dual 
Tone Mult i- Frequency (DTMF) tones) and send the second 
code. The link to the Voice Response System looks like 
this : 

<a href = "NoDTMFSupport .html" cti= » 1234 56 7 8 9/12 34 5 " > 
If the mobile phone (5) doesn't support sending DTMF a page 
NoDTMFSupport.html will be requested, resulting in not 
being able to receive the requested content service (2). If 
DTMF is supported the cti tag will have the mobile phone 
call the telephone number 123456789. This telephone number 
corresponds with the Voice Response System (7) . When a 
connection from the mobile phone (5) to the Voice Response 
System (7) via the GSM domain (4b) is made, the second code 
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identifying the requested content service (in this example 
the second code equals 12 34 5) is sent by using DTMF. 

When the second code is received (f) the mobile 
customer's billing data (8) containing the stored (d) 
5 second code is looked up, e.g. by using LDAP, and the 
mobile customer's billing data (8) is updated (g) . This 
updating (g) can for example mean that a counter indicating 
a number of allowed accesses is increased, or a specific 
amount of time that the mobile customer (1) is allowed to 

10 use the content service (2) is added. To have the customer 
pay for the requested content service a sum corresponding 
to a tariff of calling the Voice Response System, e.g. by 
using a premium 0900 number costing EUR 1,00 per call, is 
added. Alternatively from the second code the telephone 

15 number of the mobile customer, i.e. the MSISDN, could be 

derived and a premium SMS message, i.e. an SMS message the 
receiving party (the mobile customer) has to pay for, is 
sent to the mobile customer. Deriving can mean that the 
MSISDN is part of the second code or that it is encrypted 

20 in the second code. It could also be that with - the second ~ 
code a database containing the MSISDN is queried. 

On a next request from the mobile customer (1) to 
access the content service (2) access will be allowed (b2) 
because the mobile user's billing data (8) indicates that, 

25 e.g., there is enough balance now. 

Allowing access (b2) to the requested content service 
(2) can be achieved by using a proxy server, which can be 
part of the access system (6) . The proxy server retrieves 
the requested content service (2) and forwards it to the 

30 mobile phone (5). When the mobile customer's billing data 
(8) indicates that access is not allowed anymore, e.g. 
because a time limit is reached, the proxy server can block 
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access to the content service (2) and start the refusing 
access step (bl) of the invention. 

Allowing access (b2) can also be achieved by using a 
firewall, which can be part of the access system (6). In 
5 this case if the mobile customer (1) is allowed access (b2) 
a firewall rule should be set to allow connection to the 
content service (2) . In case of refusing access (bl) the 
firewall rule should be set to refuse connection to the 
content service (2) , resulting in a "page not found" error 
10 on the mobile phone (5) . 

The example above clearly shows that the aim of the 
invention is reached. The access system (6) enables 
controlled online access from the mobile customer (1) to a 

15 content service (2). No time consuming and annoying 

registration or registration steps have to be performed, 
instead the mobile customer (1) can access the requested 
content service (2) just by clicking the appropriate links, 
to pay and next to get access. Both steps are possible 

2 0 us i ng just one mobile" phone ~ Only "one connection ~~i~s~ active ~ 
at the time because the GPRS connection and GSM connection 
are made sequentially. 



